Valid as of June 2020
Contact details for register-related matters
Customer Register Officer
Köydenpunojankatu 5, 00180 Helsinki
Telephone: 09 424 757 88
Name of the register
Register holding data related to CrediNord Oy customers and business (“CrediNord’s Customer Register”)
Purpose of processing personal data
Personal data is processed by CrediNord Oy and used in its online services for the preparation and issue of loan decisions, customer identification, invoicing and debt collection, as well as for credit supervision. The Customer Register is also used for storage, and reporting- and enquiry-related requirements, in accordance with legal obligations and official regulations and guidelines.
We record all customer calls to ensure the quality of our customer service and to save information related to potential complaints or claims.
Customer data kept in the register may be used by the data controller and other companies within the same group for marketing and market research purposes, without disclosing personal data to third parties. In connection with credit decisions and credit control, CrediNord Oy may disclose personal data to a credit record provider who has given the Data Protection Supervisor appropriate notice in accordance with Section 38 of the Credit Information Act.
Furthermore, CrediNord Oy uses personal data to prevent money laundering and terrorist activities, as well as for sanctions and sanction list comparisons, as per mandatory legal regulations.
Register data content
The CrediNord Oy Customer Register contains the following information:
- social security number and gender
- telephone number
- email address
- bank details
- income and expenditure information
- other information given by the customer
Information related to customer status and customer applications:
• date of commencement of customer status
• information related to credit applied and received by the customer, as well as credit decisions
• information from a credit record provider required for issuing credit
• information about any communications sent to the customer
• IP address from which the customer contacted the service
• information related to invoicing and debt collection
• use of free services (e.g. newsletter)
• benefits and campaigns addressed to the customer or otherwise available, as well as the use thereof (including campaigns by the data controller’s partners)
• details of consent and objections to direct and targeted marketing
• risk management and statistics
• information required to fulfil legal obligations
• information required to fulfil legal obligations related to prevention of money laundering and terrorist activities
• surveillance of fraud and other criminal activities and, when needed, reporting to the authorities
Regular data sources
The data provided by the customer, checked by CrediNord Oy (e.g. through Asiakastieto Oy, population register, Nordic Api Gateway A/S, companies providing private citizens’ name and address information) or modified during the maintenance of the service.
Personal data may be collected and updated from the registers of the data controller and any other company within the same group, from population register, credit record registers, and any other equivalent public or private registers or data sources providing data services, as well as from the data controller’s partners.
Regular data disclosure and data transfer beyond the borders of the EU/EEA
We aim to keep all personal data within the EU/EEA. It is possible, however, that personal data may also be managed in a third country on behalf of a particular service provider or subcontractor, providing that sufficient data privacy conditions have been ensured in accordance with GDPR requirements.
Personal data is not disclosed to third parties, except for the following:
• authorities in connection with legal obligations
• the company in charge of the data controller’s invoicing and debt collection
• marketing purposes mentioned in this privacy statement
Protective measures for the Customer Register
All non-digital content is stored in secure rooms. Electronic data is stored in an adequately protected database that requires user authentication. All data is processed in a confidential manner and can be accessed by external parties only in the circumstances separately described in this privacy statement.
The register is stored in a protected and supervised equipment room. The data controller’s employees are bound by confidentiality with regards to the data in the register, and access to the register is technically and physically protected.
Some data from the register may be sold or disclosed in accordance with the GDPR and Data Privacy Act to selected partners of CrediNord Oy for direct marketing and market research purposes, as well as for organising marketing contests, unless the customer has specifically forbidden the disclosure of their data. CrediNord Oy may use customer data for its own direct advertising, distance selling and other direct marketing activities (including electronic means of communication).
The right to access
The customer has the right to access his or her data stored in the register. Any such requests should be sent in writing to the data controller at the following address: Köydenpunojankatu 5, 00180 Helsinki, Finland.
The right to correction
In accordance with Section 29 of the Personal Data Act, the customer may ask for his or her information to be updated or correction by sending a written request to email@example.com .
CrediNord Oy aims to ensure that all customer information is accurate and up to date by updating customers’ official personal and contact details from the population register. Any modifications made in the population register, such as address changes, are automatically reflected in CrediNord Oy’s Customer Register.
The right to data deletion
After the end of the customer relationship, CrediNord Oy is obliged by law to retain the customer’s data for a time period defined in legislation for such purposes as accounting and risk management. Typically, the data is kept for 10 years after the end of the customer relationship.
The right to object
In accordance with regulations, the data subject has the right to object to CrediNord Oy’s processing of his or her data for direct advertising, distance selling or other type of direct marketing activities, as well as for the purposes of market research and opinion polls. The customer may object to receiving marketing communications by addressing his or her written and signed objection to the data controller at firstname.lastname@example.org or Köydenpunojankatu 5, 00180 Helsinki, Finland.
The right to make a complaint to the Data Protection Supervisor and to receive additional information about the processing of personal data. The data subject has the right to make a complaint to the data protection authorities or to ask for their guidance in matters related to the processing of his or her personal data. The Data Protection Supervisor’s office’s address is at PL 800, 00531 Helsinki, Finland. Email: tietosuoja(at)om.fi. Telephone: 029 566 6700 (exchange)
Furthermore, CrediNord Oy may use third-party cookies where, for instance, CrediNord Oy may be assisted by a partner in analysing and evaluating the use of its website.
The customer can change the settings of his or her internet browser to block either all cookies or those that do not originate from CrediNord Oy’s service. The customer can also change their browser settings in such a way that he or she is notified every time a particular cookie is being used. Blocking all cookies may lead to CrediNord Oy’s service completely or partially malfunctioning.